Encrypting Parts of code ??

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
alix
Forum Commoner
Posts: 42
Joined: Thu Nov 18, 2004 8:41 am

Encrypting Parts of code ??

Post by alix »

I have to host files on one server.. that other people have access to, but use a MySQL database on my server. I cant have people get into the database itself.. is there a way i can encrypt the mysql_connect() information?

or should I host a single file say database.php and use the include() function to call it from their server?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

alix
Forum Commoner
Posts: 42
Joined: Thu Nov 18, 2004 8:41 am

Post by alix »

That would do it.. but i dont have $1,000.. lol Thanks though
CyberSpatium
Forum Newbie
Posts: 21
Joined: Thu Mar 20, 2003 12:23 pm
Contact:

Post by CyberSpatium »

Create a new text file and enter your mysql server userid and pass info:

Code: Select all

SetEnv DB_USER “your_username”
   SetEnv DB_PASS “your_password”
Save this flle and give it name, such as db_info. When you save it, make sure you save it outside your document root. So, for example, if your server path it:

Code: Select all

/user/www/domain.com/public_html
then create a new directory (for this example, I made new directory called inc) and save the file in the new directory:

Code: Select all

/user/www/domain.com/inc
Now, you need to edit your httpd.conf file, and add this line:

Code: Select all

Include “/user/www/domain.com/inc/db_info”
Now, to use your userid and password in your scripts use:

Code: Select all

UserID: $_SERVERї'DB_USER']
   Password: $_SERVERї'DB_PASS']
This makes your scripts more secure now because you never have to use your userid and password in any of you scripts. And you dont have to include anything as well, so even if someone was able to get your source code, they would not get your mysql userid and pass. And your db_info file is outsite of your document root path and is not acceable to outside users. Just be carefull not to use phpinfo() or print_r($_SERVER) as it will expose your userid and password variables.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

more on that solution can be read here: http://shiflett.org/articles/security-corner-mar2004
alix
Forum Commoner
Posts: 42
Joined: Thu Nov 18, 2004 8:41 am

Post by alix »

Thanks alot guys, i've got some learning to do... This all should help. :)
Post Reply